How can I disable IPv6 in a jail?

Status
Not open for further replies.

esolma

Cadet
Joined
Sep 17, 2018
Messages
3
Hi,

I wanted to completely disable IPv6 on my FreeNAS but I haven't found a solution... I changed some parameters in /conf/defaults/etc/rc.conf to make it persistent, but it doesn't work...
My problem is that I'm installing openvpn (client) in a jail and it times out when I ask for a response over IPv6. I didn't find anything to disable it in the .ovpn file... So I wanted to disable IPv6 as a workaround.
When I add some values I found on the net to /etc/rc.conf in my jail, they are reset to the initial state after reboot. How can I make rc.conf persistent in a jail?

I'm on freenas 11.1u6

Thank you and sorry for my English :)
 

ewhac

Contributor
Joined
Aug 20, 2013
Messages
177
Assuming you created the jail using iocage, you should be able to disable IPv6 by changing the jail config:

Code:
iocage set ip6=disable <jail_name>
iocage restart <jail_name>


Where <jail_name> is the name of the jail you want to change. The restart is necessary for the changes to take effect.

If you did not use iocage (i.e. you used the legacy FreeNAS UI), then you'll need to fiddle around with warden...
 

esolma

Cadet
Joined
Sep 17, 2018
Messages
3
Hi, thank you for your help, but it doesn't work... for me :)
I tested with iocage and created a new jail, but I don't have internet access, and if I test openvpn I get a message like "impossible to create tun/tap device : operation not permitted"
I tested a lot of parameters like "vnet on" or defaultrouter, etc. In the end I prefer to work with a jail created with the GUI (I got web access almost)
This is my log from openvpn:
Code:
Tue Sep 18 14:41:56 2018 OpenVPN 2.4.6 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 16 2018
Tue Sep 18 14:41:56 2018 library versions: OpenSSL 1.0.2j-freebsd  26 Sep 2016, LZO 2.10
Tue Sep 18 14:41:56 2018 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Tue Sep 18 14:41:56 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Sep 18 14:41:56 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]77.234.46.18:553
Tue Sep 18 14:41:56 2018 Socket Buffers: R=[42080->42080] S=[9216->9216]
Tue Sep 18 14:41:56 2018 UDP link local: (not bound)
Tue Sep 18 14:41:56 2018 UDP link remote: [AF_INET]77.234.46.18:553
Tue Sep 18 14:41:56 2018 TLS: Initial packet from [AF_INET]77.234.46.18:553, sid=049e8814 bb99ff06
Tue Sep 18 14:41:56 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Sep 18 14:41:56 2018 VERIFY OK: depth=1, C=UK, ST=London, L=London, O=Privax Ltd, OU=HMA Pro VPN, CN=hidemyass.com, emailAddress=info@privax.com
Tue Sep 18 14:41:56 2018 VERIFY OK: nsCertType=SERVER
Tue Sep 18 14:41:56 2018 VERIFY OK: depth=0, C=UK, ST=London, L=London, O=Privax Ltd, OU=HMA Pro VPN, CN=server, emailAddress=info@privax.com
Tue Sep 18 14:41:56 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Sep 18 14:41:56 2018 [server] Peer Connection Initiated with [AF_INET]77.234.46.18:553
Tue Sep 18 14:41:57 2018 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Sep 18 14:41:58 2018 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 100.120.7.1,redirect-gateway def1,ping 9,ping-restart 30,explicit-exit-notify 1,sndbuf 196608,rcvbuf 196608,route-gateway 100.120.7.1,topology subnet,redirect-gateway def1,ifconfig-ipv6 2001:db8:123::2/64 2001:db8:123::1,route-ipv6 2000::/3 2001:db8:123::1,explicit-exit-notify 2,compress,ifconfig 100.120.7.180 255.255.255.0,peer-id 5,cipher AES-256-GCM'
Tue Sep 18 14:41:58 2018 OPTIONS IMPORT: timers and/or timeouts modified
Tue Sep 18 14:41:58 2018 OPTIONS IMPORT: explicit notify parm(s) modified
Tue Sep 18 14:41:58 2018 OPTIONS IMPORT: compression parms modified
Tue Sep 18 14:41:58 2018 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Tue Sep 18 14:41:58 2018 Socket Buffers: R=[42080->196608] S=[9216->196608]
Tue Sep 18 14:41:58 2018 OPTIONS IMPORT: --ifconfig/up options modified
Tue Sep 18 14:41:58 2018 OPTIONS IMPORT: route options modified
Tue Sep 18 14:41:58 2018 OPTIONS IMPORT: route-related options modified
Tue Sep 18 14:41:58 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Sep 18 14:41:58 2018 OPTIONS IMPORT: peer-id set
Tue Sep 18 14:41:58 2018 OPTIONS IMPORT: adjusting link_mtu to 1625
Tue Sep 18 14:41:58 2018 OPTIONS IMPORT: data channel crypto options modified
Tue Sep 18 14:41:58 2018 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Sep 18 14:41:58 2018 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Sep 18 14:41:58 2018 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Sep 18 14:41:58 2018 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=epair0b HWADDR=9e:26:58:3b:cb:1e
Tue Sep 18 14:41:58 2018 GDG6: remote_host_ipv6=n/a
Tue Sep 18 14:41:58 2018 GDG6: problem writing to routing socket
Tue Sep 18 14:41:58 2018 ROUTE6: default_gateway=UNDEF
Tue Sep 18 14:41:58 2018 TUN/TAP device /dev/tun4 opened
Tue Sep 18 14:41:58 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Tue Sep 18 14:41:58 2018 /sbin/ifconfig tun4 100.120.7.180 100.120.7.1 mtu 1500 netmask 255.255.255.0 up
Tue Sep 18 14:41:58 2018 /sbin/route add -net 100.120.7.0 100.120.7.1 255.255.255.0
add net 100.120.7.0: gateway 100.120.7.1
Tue Sep 18 14:41:58 2018 /sbin/ifconfig tun4 inet6 2001:db8:123::2/64
Tue Sep 18 14:41:58 2018 /FreeNAS-Transmission-OpenVPN/scripts/start_transmission.sh tun4 1500 1553 100.120.7.180 255.255.255.0 init
transmission not running? (check /var/run/transmission/daemon.pid).
Starting transmission.
Tue Sep 18 14:41:58 2018 /sbin/route add -net 77.234.46.18 192.168.1.1 255.255.255.255
add net 77.234.46.18: gateway 192.168.1.1
Tue Sep 18 14:41:58 2018 /sbin/route add -net 0.0.0.0 100.120.7.1 128.0.0.0
add net 0.0.0.0: gateway 100.120.7.1
Tue Sep 18 14:41:58 2018 /sbin/route add -net 128.0.0.0 100.120.7.1 128.0.0.0
add net 128.0.0.0: gateway 100.120.7.1
Tue Sep 18 14:41:58 2018 add_route_ipv6(2000::/3 -> 2001:db8:123::1 metric 1) dev tun4
Tue Sep 18 14:41:58 2018 /sbin/route add -inet6 2000::/3 -iface tun4
add net 2000::/3: gateway tun4
Tue Sep 18 14:41:58 2018 Initialization Sequence Completed


Effectively I am connected.
But see what happens when I test my IP:

Code:
truss wget -qO - http://wtfismyip.com/text
...
ioctl(0,TIOCGPGRP,0xffffe08c)			 = 0 (0x0)
getpgrp()					 = 53612 (0xd16c)
ioctl(0,TIOCGPGRP,0xffffdf2c)			 = 0 (0x0)
getpgrp()					 = 53612 (0xd16c)
socket(PF_INET6,SOCK_STREAM,0)			 = 3 (0x3)
connect(3,{ AF_INET6 [2607:5300:60:2592::]:80 },28) ERR#60 'Operation timed out'
close(3)					 = 0 (0x0)
stat("/usr/share/nls/en_US.UTF-8/libc.cat",0x7fffffffdb28) ERR#2 'No such file or directory'
stat("/usr/share/nls/libc/en_US.UTF-8",0x7fffffffdb28) ERR#2 'No such file or directory'
stat("/usr/local/share/nls/en_US.UTF-8/libc.cat",0x7fffffffdb28) ERR#2 'No such file or directory'
stat("/usr/local/share/nls/libc/en_US.UTF-8",0x7fffffffdb28) ERR#2 'No such file or directory'
ioctl(0,TIOCGPGRP,0xffffdf2c)			 = 0 (0x0)
getpgrp()					 = 53612 (0xd16c)
ioctl(0,TIOCGPGRP,0xffffdf2c)			 = 0 (0x0)
getpgrp()					 = 53612 (0xd16c)
socket(PF_INET,SOCK_STREAM,0)			 = 3 (0x3)
connect(3,{ AF_INET 198.27.74.146:80 },16)	 = 0 (0x0)
ioctl(0,TIOCGPGRP,0xffffdf2c)			 = 0 (0x0)
getpgrp()					 = 53612 (0xd16c)
select(4,0x0,{ 3 },0x0,{ 900.000000 })		 = 1 (0x1)
write(3,"GET /text HTTP/1.1\r\nUser-Agent"...,146) = 146 (0x92)
ioctl(0,TIOCGPGRP,0xffffe0bc)			 = 0 (0x0)
getpgrp()					 = 53612 (0xd16c)
select(4,{ 3 },0x0,0x0,{ 900.000000 })		 = 1 (0x1)
recvfrom(3,"HTTP/1.1 200 OK\r\nServer: nginx"...,511,0x2,NULL,0x0) = 295 (0x127)
read(3,"HTTP/1.1 200 OK\r\nServer: nginx"...,281) = 281 (0x119)
ioctl(0,TIOCGPGRP,0xffffe0bc)			 = 0 (0x0)
getpgrp()					 = 53612 (0xd16c)
stat("-",0x7fffffffe168)			 ERR#2 'No such file or directory'
openat(AT_FDCWD,"/usr/local/lib/charset.alias",O_NOFOLLOW,00) ERR#2 'No such file or directory'
ioctl(0,TIOCGPGRP,0xffffe0bc)			 = 0 (0x0)
getpgrp()					 = 53612 (0xd16c)
select(4,{ 3 },0x0,0x0,{ 900.000000 })		 = 1 (0x1)
read(3,"77.234.46.175\n",14)			 = 14 (0xe)
fstat(1,{ mode=crw--w---- ,inode=135,size=0,blksize=4096 }) = 0 (0x0)
ioctl(1,TIOCGETA,0xffffdde0)			 = 0 (0x0)
77.234.46.175
...


I get a timeout when it asks for something over IPv6.

I wanted to deactivate IPv6 in a jail, but I haven't found the warden files or config file to add something like this:
Code:
inet6_enable="NO"
ip6addrctl_enable="NO"


Each time I change these parameters in a jail, when I restart the jail the value is changed back to YES...

In the warden file I have only the /etc/rc.freenas file...

Thank you for your help
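
An added example, not part of the original thread: a small sh script that reads the two kinds of output posted above, lists the IPv6 options the server pushed in PUSH_REPLY, prints matching client-side `pull-filter ignore` lines (an OpenVPN 2.4+ option), and counts IPv6 connects that failed in a truss trace. The function names and the shortened sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed samples, shortened from the log and truss output in this thread.
SAMPLE_LOG="Tue Sep 18 14:41:58 2018 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 100.120.7.1,redirect-gateway def1,topology subnet,ifconfig-ipv6 2001:db8:123::2/64 2001:db8:123::1,route-ipv6 2000::/3 2001:db8:123::1,ifconfig 100.120.7.180 255.255.255.0,peer-id 5,cipher AES-256-GCM'
Tue Sep 18 14:41:58 2018 Initialization Sequence Completed"
SAMPLE_TRUSS="connect(3,{ AF_INET6 [2607:5300:60:2592::]:80 },28) ERR#60 'Operation timed out'
connect(3,{ AF_INET 198.27.74.146:80 },16)	 = 0 (0x0)"

# Read an OpenVPN client log on stdin; print each pushed option on its own line.
pushed_options() {
    sed -n "s/.*PUSH: Received control message: 'PUSH_REPLY,\(.*\)'.*/\1/p" | tr ',' '\n'
}

# Keep only the pushed options whose name ends in "ipv6"
# (ifconfig-ipv6, route-ipv6, tun-ipv6).
pushed_ipv6_options() {
    pushed_options | grep -E '^[a-z0-9-]*ipv6' || true
}

# Emit one client-side pull-filter line per distinct pushed IPv6 option name.
# These lines go in the client .ovpn file.
pull_filter_lines() {
    pushed_ipv6_options | awk '{print $1}' | sort -u | while read -r name; do
        printf 'pull-filter ignore "%s"\n' "$name"
    done
}

# Read truss output on stdin; count connect() calls over AF_INET6 that
# returned an error (the timeout seen before the IPv4 fallback).
failed_ipv6_connects() {
    grep -c 'connect(.*AF_INET6 .*ERR#' || true
}

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_LOG" | pull_filter_lines
printf 'failed IPv6 connects: %s\n' \
    "$(printf '%s\n' "$SAMPLE_TRUSS" | failed_ipv6_connects)"
```

Ignoring the pushed IPv6 options means IPv6 traffic is not routed through the tunnel, so the jail should have no native IPv6 path of its own (for an iocage jail, the ip6=disable setting from the reply above).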
 